- Is your business safe from cyber threats?
- What is CyberSecurity?
- What should we do?
CyberSecurity, data protection, on-line threats and the like are hot topics at the moment, and quite rightly so. In the last 10 years Cyber Attacks total some 780 million incidents, with the number climbing as we move ever more on-line, mobile and connected.
So let’s look at this and start with the basics, so you can think about them in the context of your business and ask: is your business cybersafe?
What does it mean?
The phrase cyber security relates to a few key elements:
- Data, or Information as you may like to think of it: store, send or receive it, it’s the same thing
- Transport, or how it travels over the internet, whether sending or receiving
- Measures: what you should do to protect your data and control the transport
Your data and how it’s transported should be relatively easy for you to define and quantify, but there are variables, and that’s where things start to get interesting, and quickly. Variables include:
- Risk: a deeply subjective topic in itself and one that can vary hugely depending on the people, organisation, market and age of the business
- People & Habits: the #1 topic here is often passwords: what passwords are used, how they are used, how often they are changed, who knows them, password policies and so on
- But Why Us? * Most cybercrime is opportunistic. People who send e-mail with malicious content expect to be stopped 95+% of the time, but they’re playing the odds, as they have probably sent the same message several hundred thousand times, maybe millions. Do the maths for yourself. Most threats are system generated, automatic and working 24×7 to breach your defences *
- Systems: most organisations, especially SMEs, have woefully inadequate systems to protect them from intrusion. They typically lack both the equipment to protect themselves and the means to notice if there is anything wrong at all
The variables will be different for everyone and quite often shift over time, so whilst you may think you have things covered today, a periodic review would also make perfect sense.
The variables also mean that one size does not fit all. Each business needs to find a way to assess its own risk and adopt solutions and process for dealing with this issue. Note that we’ve added the word process to that sentence; if you want to replace the word process with common sense, it would do you no harm at all.
So what should we be doing?
There are a range of things that you need to consider and, bearing in mind the variables, you are going to have to make some decisions that suit your business. It’s a bit like stepping out of the house on a cold day. We all feel the cold differently and have preferences about what we want to wear, how we look, how we feel and so on.
Here’s what to at least start thinking about:
Patching: Patch your systems regularly and apply manufacturer-provided updates, monthly at the very least. Be sure to include all systems.
Passwords: Think about passphrases rather than passwords, mix upper and lower case and include at least 1 number or special character. Change your passwords on a regular basis too.
Data: Think about your data. What do you have? Who can access it? Where can they access it? How do you know if they’ve accessed it? You probably don’t know the answer to a few of these, which means you have a potential problem.
Transports: What protection do you have through internet connections, mail, anti-virus and spam filtering? Most SMEs will take this for granted and invariably have areas for improvement.
These 4 items are by no means definitive but starting here will make you significantly more CyberSecure than before you started. Is your business cybersafe?
We’ll be posting further updates to this topic in the coming week, going a little deeper into the areas covered here, with more examples and more specifics to help you understand any weaknesses, how to go about improving them, and how to answer the question: is your business cybersafe?
*There have been quite a few, very high profile and well documented thefts of electronic data from large corporate organisations. These are planned and very deliberate. But please don’t think that because your business isn’t listed on the stock exchange you are any less vulnerable. You are not.